Virtual Private Networks (Vpns - NETGEAR FVX538 - ProSafe VPN Firewall 200 Router Reference Manual

Vpn firewall

Hide thumbs Also See for FVX538 - ProSafe VPN Firewall 200 Router:

Reference manual (222 pages)

Reference manual (242 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

Table of Contents

ProSafe VPN Firewall 200 FVX538 Reference Manual

Virtual Private Networks (VPNs)

When implementing virtual private network (VPN) tunnels, a mechanism must be used for

determining the IP addresses of the tunnel end points. The addressing of the firewall's dual WAN

port depends on the configuration being implemented:

Table B-2. IP addressing requirements for VPNs in dual WAN port systems

Configuration and WAN IP address

VPN Road Warrior

(client-to-gateway)

VPN Gateway-to-Gateway Fixed

VPN Telecommuter

(client-to-gateway through

a NAT router)

a. All tunnels must be re-established after a rollover using the new WAN IP address.

For the single gateway WAN port case, the mechanism is to use a fully-qualified domain name

(FQDN) when the IP address is dynamic and to use either an FQDN or the IP address itself when

the IP address is fixed. The situation is different when dual gateway WAN ports are used in a

rollover-based system.

•

Rollover Case for Dual Gateway WAN Ports

Rollover for the dual gateway WAN port case is different from the single gateway WAN port

case when specifying the IP address of the VPN tunnel end point. Only one WAN port is active

at a time and when it rolls over, the IP address of the active WAN port always changes. Hence,

the use of a fully-qualified domain name is always required, even when the IP address of each

WAN port is fixed.

Note: Once the gateway router WAN port rolls over, the VPN tunnel collapses and must

be re-established using the new WAN IP address.

B-10

Single WAN Port

(reference case)

Fixed

Allowed

(FQDN optional)

Dynamic

FQDN required

Allowed

(FQDN optional)

Dynamic

FQDN required

Fixed

Allowed

(FQDN optional)

Dynamic

FQDN required

v1.0, March 2009

Dual WAN Port Cases

Rollover

Load Balancing

FQDN required

Allowed

(FQDN optional)

FQDN required

Allowed

(FQDN optional)

FQDN required

Allowed

(FQDN optional)

FQDN required

Network Planning for Dual WAN Ports

Table of Contents

Troubleshooting

This manual is also suitable for:

Fvx538v1 - prosafe vpn firewall dual wan Prosafe fvx538

Virtual Private Networks (Vpns - NETGEAR FVX538 - ProSafe VPN Firewall 200 Router Reference Manual

Virtual Private Networks (VPNs)

Troubleshooting

Related Manuals for NETGEAR FVX538 - ProSafe VPN Firewall 200 Router

Related Content for NETGEAR FVX538 - ProSafe VPN Firewall 200 Router

This manual is also suitable for:

Table of Contents